Posted by: David Harley | July 25, 2017

Return of the Fruitfly

Well, personally, I’m more bothered with flying ants right now, but quite a few users of macOS/OS X are unsurprisingly concerned about the resurgent Fruitfly backdoor/spyware, the subject of an upcoming Black Hat presentation by Synack researcher Patrick Wardle that has attracted a great deal of attention: Offensive Malware Analysis: Dissecting OSX/Fruitfly via a custom C&C Server. I talked (briefly) about an earlier iteration of the Fruitfly/Quimitchin malware in January.

Further commentary:

Wardle told Mashable that ‘the entire Fruitfly malware net appears to be shut down at this time.’

David Harley

Posted by: David Harley | July 20, 2017

Skycure pessimistic about iOS

John Leyden is slightly sceptical of Skycure’s pessimism as regards iOS breaches and vulnerabilities; Martijn Grooten of Virus Bulletin is even more so: “Android malware is still far more common. The whole report looks like the authors are desperate to make iOS security sound as bad as possible.”

The article: No one still thinks iOS is invulnerable to malware, right? Well, knock it off – As platform’s popularity continues to rise, so does its allure to miscreants 

Skycure’s report is here.

David Harley

Posted by: David Harley | July 20, 2017

Apple Updates

David Harley

Posted by: David Harley | July 17, 2017

More about OSX/Dok

Further to my earlier post, here’s a link to more information from Check Point: OSX/Dok Refuses to Go Away and It’s After Your Money

See also their earlier post: OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic (updated) 

Commentary from David Bisson for Graham Cluley’s blog: Malware installs Signal as part of scheme to steal Mac users’ banking credentials – A harbinger of ported threats to come for Mac users?

David Harley

Posted by: David Harley | July 13, 2017

OSX_DOK malware

Trend Micro: OSX Malware Linked to Operation Emmental Hijacks User Network Traffic

“The OSX_DOK malware (Detected by Trend Micro as OSX_DOK.C) showcases sophisticated features such as certificate abuse and security software evasion that affects machines using Apple’s OSX operating system.”

David Harley

Posted by: David Harley | July 6, 2017

AV-Test Comparative Test

AV-Test: 10 Antivirus Suites for MacOS Sierra Put to the Test

Not much detail on methodology, though.

David Harley

Posted by: David Harley | July 4, 2017

AV-Test Stats: Spikes in macOS and Android malware

AV-Test offers an interesting aggregation of 2016/2017 malware statistics in its Security Report here.

Particularly relevant to this site:

  • Looking at the growth in malware for specific platforms, AV-Test notes a decrease in numbers for malware attacking Windows users. (Security vendors needn’t worry: there’s still plenty to go round…)
  • On the other hand, the report says of macOS malware that ‘With an increase rate of over 370% compared to the previous year, it is no exaggeration to speak of explosive growth.’ Of Android, it says that ‘the number of new threats … has doubled compared to the previous year.’

David Harley

Posted by: David Harley | June 23, 2017

OceanLotus – a New(ish) Wave

Analysis by Palo Alto of The New and Improved macOS Backdoor from OceanLotus. Palo Alto states that this version is targeting victims in Vietnam.

For background, an article from early 2016 by AlienVault: OceanLotus for OS X – an Application Bundle Pretending to be an Adobe Flash Update 

David Harley

Posted by: David Harley | June 15, 2017

Fake AV and ‘Wannacry Protectors’ for Android

Gabriela Vatu for Softpedia: Hundreds of Malicious Apps Posing as Virus Scanners Found in App Stores – These virus scanners will actually do you harm

Warnings about Wannacry protectors – Wannacry doesn’t affect Android – from McAfee, and fake AV statistics from RiskIQ.

There are no direct links in the article, so I’ve included some here:

David Harley

Posted by: David Harley | June 13, 2017

MacRansom (& MacSpy)

[Updated 15th June 2017]

(MacSpy isn’t ransomware, but it seems to have been developed by the same author, and both are offered as malware-as-a-service.)

Zeljka Zorz for HelpNet Security: Two Mac malware-as-a-Service offerings uncovered. According to HelpNet, ‘Patrick Wardle’s RansomWhere? tool can also stop MacRansomware from doing any damage.’

Rommel Joven and Wayne Chin Yick Low, for Fortinet: MacRansom: Offered as Ransomware as a Service

Sophos: More evidence Mac ransomware exists

Fortinet notes that “Nevertheless, we are still skeptical of the author’s claim to be able to decrypt the hijacked files, even assuming that the victims sent the author an unknown random file…”

AlienVault: MacSpy: OS X RAT as a Service

David Harley
